Sign up to save your podcasts
Or
Share SANS Stormcast Monday, June 23rd, 2025: ADS and Python; More Secure Cloud PCs; Zend.to Path Traversal; Parser Differentials
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
SANS Stormcast Monday, June 23rd, 2025: ADS and Python; More Secure Cloud PCs; Zend.to Path Traversal; Parser Differentials
ADS & Python Tools
Didier explains how to use his tools cut-bytes.py and filescanner to extract information from alternate data streams.
https://isc.sans.edu/diary/ADS%20%26%20Python%20Tools/32058
Enhanced security defaults for Windows 365 Cloud PCs
Microsoft announced more secure default configurations for its Windows 365 Cloud PC offerings.
https://techcommunity.microsoft.com/blog/windows-itpro-blog/enhanced-security-defaults-for-windows-365-cloud-pcs/4424914
CVE-2025-34508: Another File Sharing Application, Another Path Traversal
Horizon3 reveals details of a recently patched directory traversal vulnerability in zend.to.
https://horizon3.ai/attack-research/attack-blogs/cve-2025-34508-another-file-sharing-application-another-path-traversal/
Unexpected security footguns in Go's parsers
Go parsers for JSON and XML are not always compatible and can parse data in unexpected ways. This blog by Trails of Bits goes over the various security implications of this behaviour.
https://blog.trailofbits.com/2025/06/17/unexpected-security-footguns-in-gos-parsers/
View all episodes
By Johannes UllrichADS & Python Tools
Didier explains how to use his tools cut-bytes.py and filescanner to extract information from alternate data streams.
https://isc.sans.edu/diary/ADS%20%26%20Python%20Tools/32058
Enhanced security defaults for Windows 365 Cloud PCs
Microsoft announced more secure default configurations for its Windows 365 Cloud PC offerings.
https://techcommunity.microsoft.com/blog/windows-itpro-blog/enhanced-security-defaults-for-windows-365-cloud-pcs/4424914
CVE-2025-34508: Another File Sharing Application, Another Path Traversal
Horizon3 reveals details of a recently patched directory traversal vulnerability in zend.to.
https://horizon3.ai/attack-research/attack-blogs/cve-2025-34508-another-file-sharing-application-another-path-traversal/
Unexpected security footguns in Go's parsers
Go parsers for JSON and XML are not always compatible and can parse data in unexpected ways. This blog by Trails of Bits goes over the various security implications of this behaviour.
https://blog.trailofbits.com/2025/06/17/unexpected-security-footguns-in-gos-parsers/